[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What to do about SSH brute force attempts?

> Hi,
> * use a Firewall to prevent other IP address to connect to your ssh
> service. restrict just to yours (iptables script can be easy to find on
> the web)
Well, I should have added that my hosts must be world-wide accessible using
password-based authentication, so this is no option.

> * use Fail2ban which can ban ssh auth failure and create iptables rules.
> (google can help your search about fail2ban)
Well, I'm using denyhosts and a custom iptables script, so this is fairly ok
already. Nevertheless, fail2ban may be yet another safetynet that I should add.
> Third use a non standart ssh port (for example 2222) apt-get install fail2ban
I'm not a huge fan of security by obscurity, so I'd rather stick with 22 for

What remains open is what could one do proactively? I don't really feel like
striking back, but getting rid of the attackers would be kind of nice...


Attachment: pgpaAVo7vnt_a.pgp
Description: PGP signature

Reply to: